ICT Security-Sécurité PC et Internet

Les applications Hotspot Shield, PureVPN et ZenMate exhibent des vulnérabilités

Qui laissent les adresses IP des utilisateurs filtrer
Le 14 mars 2018, par Patrick Ruiz, Chroniqueur Actualités
Des services VPN populaires exhibent des failles de sécurité qui permettent la divulgation des informations sensibles de leurs utilisateurs. L’information est de vpnMentor, un site qui a vocation à les classer ; ce dernier pointe Hotspot Shield, PureVPN et ZenMate du doigt. Le site dit s’être appuyé sur l’expertise de trois chercheurs en sécurité spécialisés en la matière. Dans le détail technique publié par ces derniers, on peut d’ores et déjà dire que les vulnérabilités sont liées à des soucis avec des scripts de configuration de proxy.

Le rapport des chercheurs crédite Hotspot Shield de trois entrées dans la base de données du projet Common Vulnerabilities and Exposures (CVE). La faille référencée CVE-2018-7880 illustre clairement le propos des chercheurs. Une analyse du script de configuration de proxy (d’une version non corrigée du plugin Chrome de Hotspot Shield) a révélé qu’il suffit qu’une URL contienne une interface logique de réseau (un hôte local) pour contourner le VPN.

Dit autrement, il suffit qu’un attaquant amène un internaute à visiter une adresse du type localhost.test.com pour que le VPN cesse de le protéger. Dans ce cas, le navigateur se connecte directement à la cible sans suivre les règles inscrites dans le fichier de configuration de proxy.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=VPN

A flaw in Hotspot Shield can expose VPN users, locations
The virtual private network says it provides a way to browse the web "anonymously and privately," but a security researcher has released code that could identify users' names and locations.

A security researcher has found a way to identify users of Hotspot Shield, a popular free virtual private network service that promises its users anonymity and privacy.

Hotspot Shield, developed by AnchorFree, has an estimated 500 million users around the world relying on its privacy service. By bouncing a user's internet and browsing traffic through its own encrypted pipes, the service makes it harder for others to identify individual users and eavesdrop on their browsing habits.

But an information disclosure bug in the privacy service results in a leak of user data, such as which country the user is located, and the user's Wi-Fi network name, if connected.

That information leak can be used to narrow down users and their location by correlating Wi-Fi network name with public and readily available data.

"By disclosing information such as Wi-Fi name, an attacker can easily narrow down or pinpoint where the victim is located," said Paulos Yibelo, who found the bug. Combined with knowing the user's country, "you can narrow down a list of places where your victim is located," he said.

ZDNet was able to independently verify Yibelo's findings by using his proof-of-concept code to reveal a user's Wi-Fi network. We tested on several machines and different networks, all with the same result.

VPNs are popular for activists or dissidents in parts of the world where internet access is restricted because of censorship, or heavily monitored by the state, as these services mask a user's IP addresses that can be used to pinpoint a person's real-world location.

Being able to identify a Hotspot Shield user in an authoritarian state could put them at risk!!!

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=VPN